1. Field of the Invention
This invention relates to a mobile communication terminal authenticating system for authenticating a mobile communication terminal to be used in a mobile communication network, represented by the cellular telecommunication system, and for determining whether the terminal is an authorized terminal which has been registered in that mobile communication network.
2. Description of the Related Art
In a mobile communication system, a mobile communication terminal communicates through a radio channel with a mobile communication network which includes at least a base station and a switching center. Because a radio channel is used, tapping, copying of a terminal identification number and the like are readily carried out. To prevent unauthorized use by a mobile communication terminal prepared by such illegal methods, an authenticating process is required to confirm whether or not the mobile communication terminal which requests a call origination is an authorized terminal which has been registered in that mobile communication network.
FIG. 1 is a block diagram showing a configuration of a mobile communication system using a conventional mobile communication terminal authenticating system.
Reference numeral 10 denotes a configuration of a mobile communication terminal; 10a, a radio transmitter-receiver for communicating with a base station 20 of a mobile communication network through a radio channel; 10b, a memory for storing an authenticating key corresponding to a secret number necessary for preventing unauthorized use; and 10c, a calculating circuit for executing a calculating process on the basis of the secret number and a random number to be described later.
A mobile communication network with which the mobile communication terminal 10 contracts for subscription includes a base station 20 for communicating with the mobile communication terminal 10, a switching center 30 for switching a connection between the mobile communication terminal 10 and other fixed telecommunication networks, and a home location register 40 for storing contracted subscribers' information, authenticating keys, call processing information, and the like. The switching center 30 includes a PN (Pseudo Noise) oscillator 30a for generating random numbers used for an authenticating process for every call request, a calculating circuit 30b for executing a calculating process on the basis of the random numbers outputted from the PN oscillator 30a and the authenticating keys stored in the home location register, a comparator 30c for comparing the result outputted from the calculating circuit 30b with the calculating results received from the mobile communication terminal 10 through the base station 20, and a control circuit 30d for executing a call connecting process on the basis of the result of the comparator 30c.
The home location register 40 is located in another switching center (home memory station) (not shown) constituting the mobile communication network.
The switching center 30 accesses the home location register 40 in response to a call request for communication from the mobile communication terminal 10 so that it can obtain service information, call processing information, authenticating information or the like, as to the mobile communication terminal 10.
Now, an operation of the authenticating process for authenticating whether or not the mobile communication terminal 10 is an authorized terminal in such a mobile communication system will be described.
First, when the mobile communication terminal 10 transmits a call originating request to the mobile communication network, the call originating request is received by the switching center 30 through the base station 20, and the switching center 30 activates the PN oscillator 30a therein to generate a random number. Then, the random number is transmitted to the mobile communication terminal 10 through the base station 20.
Subsequently, the radio transmitter-receiver 10a within the mobile communication terminal 10 receives the random number transmitted from the mobile communication network and outputs it to the calculating circuit 10c. The calculating circuit 10c executes a calculation on the basis of the random number and the authenticating key stored in the memory 10b, and the radio transmitter-receiver 10a transmits this calculation result to the mobile communication network.
On the other hand, the calculating circuit 30b within the switching center 30 executes the calculation of the same algorithm as that of the calculating circuit 10c provided in the mobile communication terminal 10 on the basis of the random number which has been previously outputted from the PN oscillator 30a and the authenticating key of the mobile communication terminal 10, which has been stored in the home location register 40. Then, the comparator 30c compares the calculation result transmitted from the mobile communication terminal 10 with the calculation result outputted from the calculating circuit 30b.
As a result of the comparison by the comparator 30c, if those two calculation results coincide with each other, the control circuit 30d judges that the mobile communication terminal which has requested the call origination is an authorized terminal and executes a call connecting process with the mobile communication terminal 10, and if they do not coincide with each other, the control circuit 30d judges that it is an unauthorized terminal and rejects the call request. With the above processes, the authenticating process has been completed.
In the above-mentioned mobile communication terminal authenticating system, the same authenticating key is stored in both the mobile communication terminal and the home location register. The calculating circuit 10c of the mobile communication terminal and the calculating circuit 30b of the switching center, which have the same calculating algorithm, each perform the calculation using that key, and the results are compared to judge the authorization of the mobile communication terminal.
However, if a mobile communication terminal is used in which the calculating circuit and the authenticating key, which are held in common by the mobile communication terminal 10 and the home location register 40 of the mobile communication network, have been illegally copied, the above authenticating system cannot recognize whether the mobile communication terminal is an authorized terminal or not.
The mobile communication system disclosed in Japanese Patent Unexamined Publication No. 2-224425 is an authenticating system in which, for every call, the mobile communication network notifies the mobile communication terminal of a new authenticating key to be used the next time, so that the authenticating key is renewed and held in both the mobile communication network and the mobile communication terminal for every call.
According to this system, if an unauthorized mobile communication terminal which has copied an authorized terminal, including the authenticating key, makes a call, the authenticating key is renewed in both the mobile communication network and the unauthorized terminal, but the authenticating key in the authorized terminal is not renewed. Therefore, since the authenticating keys do not coincide with each other when the authorized terminal next makes a call request, a subscriber can recognize the existence of an unauthorized terminal at an early stage.
A similar technique, in which the authenticating key is changed for every call, is also disclosed as "Method and apparatus for authentication and protection of subscribers in telecommunication systems" in U.S. Pat. No. 5,239,294.
However, in such a mobile communication system, the authenticating key to be used the next time is transmitted through a radio channel from the mobile communication network to the mobile communication terminal. If the unauthorized terminal can intercept a next authenticating key transmitted from the mobile communication network, it can renew its own authenticating key. As a result, the unauthorized terminal can again enjoy the mobile communication service illegally.
Since the conventional mobile communication terminal authenticating system executes the above-mentioned authenticating process, in the authenticating system which judges the authorization of the terminal by performing the same calculation with the same authenticating key on both sides and verifying the result, there arises a problem that, even though an unauthorized terminal which has copied the authenticating key and the calculating circuit exists, the mobile communication network cannot recognize the existence of the unauthorized terminal.
Also, in the authenticating system in which the authenticating key is renewed in both the mobile communication network and the mobile communication terminal for every call, there arises a problem that, since the authenticating key to be used the next time is transmitted through a radio channel from the mobile communication network to the terminal, even though the unauthorized terminal can be temporarily removed, the unauthorized terminal can enjoy the mobile communication service again if it intercepts the next authenticating key.